@quantracode/vibecheck 0.0.1 → 0.0.2

package/dist/scanners/crypto/jwt-decode-unverified.d.ts

@@ -1,14 +0,0 @@
-import type { Finding } from "@vibecheck/schema";
-import type { ScanContext } from "../types.js";
-/**
- * VC-CRYPTO-002: JWT decoded but not verified
- *
- * Detects:
- * - jwt.decode(...) usage (jsonwebtoken)
- * - OR custom decode without verify call
- *
- * Precision:
- * - If jsonwebtoken is used, flag when decode is used AND no jwt.verify in same file
- */
-export declare function scanJwtDecodeUnverified(context: ScanContext): Promise<Finding[]>;
-//# sourceMappingURL=jwt-decode-unverified.d.ts.map

package/dist/scanners/crypto/jwt-decode-unverified.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"jwt-decode-unverified.d.ts","sourceRoot":"","sources":["../../../src/scanners/crypto/jwt-decode-unverified.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAgB,MAAM,mBAAmB,CAAC;AAC/D,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAM/C;;;;;;;;;GASG;AACH,wBAAsB,uBAAuB,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC,CA+EtF"}

package/dist/scanners/crypto/jwt-decode-unverified.js

@@ -1,87 +0,0 @@
-import { resolvePath } from "../../utils/file-utils.js";
-import { generateFingerprint, generateFindingId } from "../../utils/fingerprint.js";
-const RULE_ID = "VC-CRYPTO-002";
-/**
- * VC-CRYPTO-002: JWT decoded but not verified
- *
- * Detects:
- * - jwt.decode(...) usage (jsonwebtoken)
- * - OR custom decode without verify call
- *
- * Precision:
- * - If jsonwebtoken is used, flag when decode is used AND no jwt.verify in same file
- */
-export async function scanJwtDecodeUnverified(context) {
-    const { repoRoot, fileIndex, helpers } = context;
-    const findings = [];
-    for (const relPath of fileIndex.allSourceFiles) {
-        const absPath = resolvePath(repoRoot, relPath);
-        const sourceFile = helpers.parseFile(absPath);
-        if (!sourceFile)
-            continue;
-        const jwtDecodes = helpers.findJwtDecodeWithoutVerify(sourceFile);
-        for (const decode of jwtDecodes) {
-            // Only flag if no verify in the same file
-            if (decode.hasVerifyInFile)
-                continue;
-            const evidence = [
-                {
-                    file: relPath,
-                    startLine: decode.line,
-                    endLine: decode.line,
-                    snippet: decode.snippet,
-                    label: "jwt.decode() used without jwt.verify()",
-                },
-            ];
-            const fingerprint = generateFingerprint({
-                ruleId: RULE_ID,
-                file: relPath,
-                symbol: "jwt.decode",
-                startLine: decode.line,
-            });
-            findings.push({
-                id: generateFindingId({
-                    ruleId: RULE_ID,
-                    file: relPath,
-                    symbol: "jwt.decode",
-                    startLine: decode.line,
-                }),
-                ruleId: RULE_ID,
-                title: "JWT decoded without signature verification",
-                description: `jwt.decode() is used without a corresponding jwt.verify() call in this file. The decode function only parses the JWT payload without verifying the signature, meaning an attacker could forge tokens with arbitrary claims. Always verify JWT signatures before trusting the payload.`,
-                severity: "critical",
-                confidence: 0.9,
-                category: "crypto",
-                evidence,
-                remediation: {
-                    recommendedFix: `Use jwt.verify() instead of jwt.decode() to ensure the token signature is valid.`,
-                    patch: `import jwt from 'jsonwebtoken';
-
-// WRONG - doesn't verify signature:
-// const payload = jwt.decode(token);
-
-// CORRECT - verifies signature:
-try {
-  const payload = jwt.verify(token, process.env.JWT_SECRET);
-  // Token is valid, payload can be trusted
-} catch (error) {
-  // Token is invalid or expired
-  throw new Error('Invalid token');
-}
-
-// If you need to read claims before verification (e.g., to get kid for key lookup):
-const header = jwt.decode(token, { complete: true })?.header;
-const kid = header?.kid;
-// ... look up the correct key ...
-const payload = jwt.verify(token, key); // MUST verify before trusting`,
-                },
-                links: {
-                    cwe: "https://cwe.mitre.org/data/definitions/347.html",
-                    owasp: "https://cheatsheetseries.owasp.org/cheatsheets/JSON_Web_Token_for_Java_Cheat_Sheet.html",
-                },
-                fingerprint,
-            });
-        }
-    }
-    return findings;
-}

package/dist/scanners/crypto/math-random-tokens.d.ts

@@ -1,13 +0,0 @@
-import type { Finding } from "@vibecheck/schema";
-import type { ScanContext } from "../types.js";
-/**
- * VC-CRYPTO-001: Math.random used for tokens/secrets
- *
- * Detects Math.random used to generate:
- * - tokens, api keys, reset codes, session ids
- *
- * Two-signal:
- * - Math.random present AND variable/function name includes sensitive keywords
- */
-export declare function scanMathRandomTokens(context: ScanContext): Promise<Finding[]>;
-//# sourceMappingURL=math-random-tokens.d.ts.map

package/dist/scanners/crypto/math-random-tokens.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"math-random-tokens.d.ts","sourceRoot":"","sources":["../../../src/scanners/crypto/math-random-tokens.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAgB,MAAM,mBAAmB,CAAC;AAC/D,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAM/C;;;;;;;;GAQG;AACH,wBAAsB,oBAAoB,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC,CAyEnF"}

package/dist/scanners/crypto/math-random-tokens.js

@@ -1,80 +0,0 @@
-import { resolvePath } from "../../utils/file-utils.js";
-import { generateFingerprint, generateFindingId } from "../../utils/fingerprint.js";
-const RULE_ID = "VC-CRYPTO-001";
-/**
- * VC-CRYPTO-001: Math.random used for tokens/secrets
- *
- * Detects Math.random used to generate:
- * - tokens, api keys, reset codes, session ids
- *
- * Two-signal:
- * - Math.random present AND variable/function name includes sensitive keywords
- */
-export async function scanMathRandomTokens(context) {
-    const { repoRoot, fileIndex, helpers } = context;
-    const findings = [];
-    for (const relPath of fileIndex.allSourceFiles) {
-        const absPath = resolvePath(repoRoot, relPath);
-        const sourceFile = helpers.parseFile(absPath);
-        if (!sourceFile)
-            continue;
-        const mathRandomUsages = helpers.findMathRandomUsage(sourceFile);
-        for (const usage of mathRandomUsages) {
-            if (!usage.isSensitiveContext)
-                continue;
-            const evidence = [
-                {
-                    file: relPath,
-                    startLine: usage.line,
-                    endLine: usage.line,
-                    snippet: usage.snippet,
-                    label: `Math.random used for "${usage.variableName}"`,
-                },
-            ];
-            const fingerprint = generateFingerprint({
-                ruleId: RULE_ID,
-                file: relPath,
-                symbol: usage.variableName,
-                startLine: usage.line,
-            });
-            findings.push({
-                id: generateFindingId({
-                    ruleId: RULE_ID,
-                    file: relPath,
-                    symbol: usage.variableName,
-                    startLine: usage.line,
-                }),
-                ruleId: RULE_ID,
-                title: `Insecure random for ${usage.variableName}`,
-                description: `Math.random() is used to generate "${usage.variableName}" which appears to be a security-sensitive value. Math.random() is not cryptographically secure - its output can be predicted if an attacker knows the internal state. This makes tokens, session IDs, or reset codes guessable.`,
-                severity: "high",
-                confidence: 0.85,
-                category: "crypto",
-                evidence,
-                remediation: {
-                    recommendedFix: `Use crypto.randomBytes() or crypto.randomUUID() for security-sensitive random values.`,
-                    patch: `import { randomBytes, randomUUID } from 'crypto';
-
-// For tokens/keys (hex string):
-const token = randomBytes(32).toString('hex');
-
-// For session IDs (URL-safe base64):
-const sessionId = randomBytes(24).toString('base64url');
-
-// For UUIDs:
-const id = randomUUID();
-
-// For numbers in a range (e.g., 6-digit code):
-const code = randomBytes(4).readUInt32BE() % 1000000;
-const resetCode = code.toString().padStart(6, '0');`,
-                },
-                links: {
-                    cwe: "https://cwe.mitre.org/data/definitions/338.html",
-                    owasp: "https://cheatsheetseries.owasp.org/cheatsheets/Cryptographic_Storage_Cheat_Sheet.html",
-                },
-                fingerprint,
-            });
-        }
-    }
-    return findings;
-}

package/dist/scanners/crypto/weak-hashing.d.ts

@@ -1,11 +0,0 @@
-import type { Finding } from "@vibecheck/schema";
-import type { ScanContext } from "../types.js";
-/**
- * VC-CRYPTO-003: Weak hashing for passwords
- *
- * Detect:
- * - bcrypt usage with saltRounds < 10
- * - crypto.createHash('md5'|'sha1') used on password-like vars
- */
-export declare function scanWeakHashing(context: ScanContext): Promise<Finding[]>;
-//# sourceMappingURL=weak-hashing.d.ts.map

package/dist/scanners/crypto/weak-hashing.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"weak-hashing.d.ts","sourceRoot":"","sources":["../../../src/scanners/crypto/weak-hashing.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAgB,MAAM,mBAAmB,CAAC;AAC/D,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAM/C;;;;;;GAMG;AACH,wBAAsB,eAAe,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC,CA0F9E"}

package/dist/scanners/crypto/weak-hashing.js

@@ -1,95 +0,0 @@
-import { resolvePath } from "../../utils/file-utils.js";
-import { generateFingerprint, generateFindingId } from "../../utils/fingerprint.js";
-const RULE_ID = "VC-CRYPTO-003";
-/**
- * VC-CRYPTO-003: Weak hashing for passwords
- *
- * Detect:
- * - bcrypt usage with saltRounds < 10
- * - crypto.createHash('md5'|'sha1') used on password-like vars
- */
-export async function scanWeakHashing(context) {
-    const { repoRoot, fileIndex, helpers } = context;
-    const findings = [];
-    for (const relPath of fileIndex.allSourceFiles) {
-        const absPath = resolvePath(repoRoot, relPath);
-        const sourceFile = helpers.parseFile(absPath);
-        if (!sourceFile)
-            continue;
-        const weakHashUsages = helpers.findWeakHashUsage(sourceFile);
-        for (const usage of weakHashUsages) {
-            const evidence = [
-                {
-                    file: relPath,
-                    startLine: usage.line,
-                    endLine: usage.line,
-                    snippet: usage.snippet,
-                    label: `Weak hash algorithm: ${usage.algorithm}`,
-                },
-            ];
-            const fingerprint = generateFingerprint({
-                ruleId: RULE_ID,
-                file: relPath,
-                symbol: usage.algorithm,
-                startLine: usage.line,
-            });
-            // Determine title and description based on algorithm
-            let title;
-            let description;
-            let patch;
-            if (usage.algorithm.startsWith("bcrypt")) {
-                title = "Bcrypt with insufficient salt rounds";
-                description = `Bcrypt is configured with low salt rounds (${usage.algorithm}). The cost factor should be at least 10 (ideally 12+) to provide adequate protection against brute-force attacks. Lower values make password cracking significantly faster.`;
-                patch = `import bcrypt from 'bcrypt';
-
-// Use at least 10 salt rounds (12 recommended):
-const SALT_ROUNDS = 12;
-
-const hashedPassword = await bcrypt.hash(password, SALT_ROUNDS);`;
-            }
-            else if (usage.algorithm === "md5" || usage.algorithm === "sha1") {
-                title = `Weak hash algorithm (${usage.algorithm.toUpperCase()}) ${usage.isPasswordContext ? "for password" : "detected"}`;
-                description = `${usage.algorithm.toUpperCase()} is cryptographically broken and should not be used for security purposes${usage.isPasswordContext ? ", especially for passwords" : ""}. MD5 can be brute-forced or attacked with rainbow tables in seconds. SHA1 has known collision vulnerabilities.`;
-                patch = `// For passwords, use bcrypt or argon2:
-import bcrypt from 'bcrypt';
-const hashedPassword = await bcrypt.hash(password, 12);
-
-// For non-password hashing (integrity checks, etc.):
-import { createHash } from 'crypto';
-const hash = createHash('sha256').update(data).digest('hex');`;
-            }
-            else {
-                title = `Weak cryptographic configuration: ${usage.algorithm}`;
-                description = `The cryptographic configuration "${usage.algorithm}" is considered weak and should be updated to current standards.`;
-                patch = `// Use modern, secure algorithms and configurations`;
-            }
-            findings.push({
-                id: generateFindingId({
-                    ruleId: RULE_ID,
-                    file: relPath,
-                    symbol: usage.algorithm,
-                    startLine: usage.line,
-                }),
-                ruleId: RULE_ID,
-                title,
-                description,
-                severity: usage.isPasswordContext ? "high" : "medium",
-                confidence: usage.isPasswordContext ? 0.9 : 0.75,
-                category: "crypto",
-                evidence,
-                remediation: {
-                    recommendedFix: usage.isPasswordContext
-                        ? "Use bcrypt with at least 10 salt rounds, or argon2id for new applications."
-                        : "Use SHA-256 or stronger for integrity checks. For passwords, use bcrypt or argon2.",
-                    patch,
-                },
-                links: {
-                    cwe: "https://cwe.mitre.org/data/definitions/328.html",
-                    owasp: "https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html",
-                },
-                fingerprint,
-            });
-        }
-    }
-    return findings;
-}

package/dist/scanners/env-config.d.ts

@@ -1,24 +0,0 @@
-import type { Finding } from "@vibecheck/schema";
-import type { ScanContext } from "./types.js";
-interface EnvUsage {
-    name: string;
-    file: string;
-    line: number;
-    snippet: string;
-}
-/**
- * Parse .env.example file and extract defined variable names
- */
-export declare function parseEnvExample(content: string): Set<string>;
-/**
- * Find all process.env usages in source files
- */
-export declare function findEnvUsages(sourceFiles: string[], targetDir: string): EnvUsage[];
-/**
- * ENV/Config Mirage Scanner
- *
- * Finds process.env usage and checks if variables are documented in .env.example
- */
-export declare function scanEnvConfig(context: ScanContext): Promise<Finding[]>;
-export {};
-//# sourceMappingURL=env-config.d.ts.map

package/dist/scanners/env-config.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"env-config.d.ts","sourceRoot":"","sources":["../../src/scanners/env-config.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAA0B,MAAM,mBAAmB,CAAC;AAGzE,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAyB9C,UAAU,QAAQ;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,CAiB5D;AAED;;GAEG;AACH,wBAAgB,aAAa,CAC3B,WAAW,EAAE,MAAM,EAAE,EACrB,SAAS,EAAE,MAAM,GAChB,QAAQ,EAAE,CA6CZ;AASD;;;;GAIG;AACH,wBAAsB,aAAa,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC,CAmF5E"}

package/dist/scanners/env-config.js

@@ -1,164 +0,0 @@
-import { readFileSync, resolvePath } from "../utils/file-utils.js";
-import { generateFingerprint, generateFindingId } from "../utils/fingerprint.js";
-const RULE_ID = "VC-CONFIG-001";
-/**
- * Patterns that indicate a secret-like environment variable
- */
-const SECRET_PATTERNS = /SECRET|KEY|TOKEN|PASSWORD|PRIVATE|CREDENTIAL|API_KEY|AUTH/i;
-/**
- * Regex to find process.env.VARIABLE_NAME usage
- * Captures the variable name in group 1
- *
- * Limitations:
- * - Does not handle computed property access like process.env[varName]
- * - Does not handle destructuring like const { FOO } = process.env
- * - May match in comments (basic regex limitation)
- */
-const PROCESS_ENV_REGEX = /process\.env\.([A-Z][A-Z0-9_]*)/g;
-/**
- * Regex to find process.env["VARIABLE"] or process.env['VARIABLE'] usage
- */
-const PROCESS_ENV_BRACKET_REGEX = /process\.env\[['"]([A-Z][A-Z0-9_]*)['"]\]/g;
-/**
- * Parse .env.example file and extract defined variable names
- */
-export function parseEnvExample(content) {
-    const vars = new Set();
-    const lines = content.split("\n");
-    for (const line of lines) {
-        const trimmed = line.trim();
-        // Skip comments and empty lines
-        if (trimmed.startsWith("#") || trimmed === "")
-            continue;
-        // Match VAR_NAME= or VAR_NAME (without value)
-        const match = trimmed.match(/^([A-Z][A-Z0-9_]*)(?:=|$)/);
-        if (match) {
-            vars.add(match[1]);
-        }
-    }
-    return vars;
-}
-/**
- * Find all process.env usages in source files
- */
-export function findEnvUsages(sourceFiles, targetDir) {
-    const usages = [];
-    for (const relFile of sourceFiles) {
-        const absPath = resolvePath(targetDir, relFile);
-        const content = readFileSync(absPath);
-        if (!content)
-            continue;
-        const lines = content.split("\n");
-        // Find dot notation: process.env.VAR_NAME
-        for (const match of content.matchAll(PROCESS_ENV_REGEX)) {
-            const varName = match[1];
-            const index = match.index;
-            // Find line number
-            const beforeMatch = content.slice(0, index);
-            const lineNumber = beforeMatch.split("\n").length;
-            usages.push({
-                name: varName,
-                file: relFile,
-                line: lineNumber,
-                snippet: lines[lineNumber - 1]?.trim() ?? "",
-            });
-        }
-        // Find bracket notation: process.env["VAR_NAME"]
-        for (const match of content.matchAll(PROCESS_ENV_BRACKET_REGEX)) {
-            const varName = match[1];
-            const index = match.index;
-            const beforeMatch = content.slice(0, index);
-            const lineNumber = beforeMatch.split("\n").length;
-            usages.push({
-                name: varName,
-                file: relFile,
-                line: lineNumber,
-                snippet: lines[lineNumber - 1]?.trim() ?? "",
-            });
-        }
-    }
-    return usages;
-}
-/**
- * Determine severity based on variable name
- */
-function getSeverity(varName) {
-    return SECRET_PATTERNS.test(varName) ? "high" : "medium";
-}
-/**
- * ENV/Config Mirage Scanner
- *
- * Finds process.env usage and checks if variables are documented in .env.example
- */
-export async function scanEnvConfig(context) {
-    const { targetDir, sourceFiles } = context;
-    const findings = [];
-    // Check for .env.example
-    const envExamplePath = resolvePath(targetDir, ".env.example");
-    const envExampleContent = readFileSync(envExamplePath);
-    // Get documented env vars (empty set if no .env.example)
-    const documentedVars = envExampleContent
-        ? parseEnvExample(envExampleContent)
-        : new Set();
-    // Find all env usages
-    const usages = findEnvUsages(sourceFiles, targetDir);
-    // Group usages by variable name
-    const usagesByVar = new Map();
-    for (const usage of usages) {
-        const existing = usagesByVar.get(usage.name) ?? [];
-        existing.push(usage);
-        usagesByVar.set(usage.name, existing);
-    }
-    // Check each variable
-    for (const [varName, varUsages] of usagesByVar) {
-        if (documentedVars.has(varName)) {
-            continue; // Variable is documented, no finding
-        }
-        const severity = getSeverity(varName);
-        const firstUsage = varUsages[0];
-        const evidence = varUsages.slice(0, 3).map((u) => ({
-            file: u.file,
-            startLine: u.line,
-            endLine: u.line,
-            snippet: u.snippet,
-            label: `Usage of process.env.${varName}`,
-        }));
-        if (varUsages.length > 3) {
-            evidence.push({
-                file: varUsages[3].file,
-                startLine: varUsages[3].line,
-                endLine: varUsages[3].line,
-                label: `...and ${varUsages.length - 3} more usages`,
-            });
-        }
-        const fingerprint = generateFingerprint({
-            ruleId: RULE_ID,
-            file: firstUsage.file,
-            symbol: varName,
-        });
-        const hasEnvExample = envExampleContent !== null;
-        findings.push({
-            id: generateFindingId({
-                ruleId: RULE_ID,
-                file: firstUsage.file,
-                symbol: varName,
-            }),
-            severity,
-            confidence: 0.85,
-            category: "config",
-            ruleId: RULE_ID,
-            title: `Undocumented environment variable: ${varName}`,
-            description: hasEnvExample
-                ? `The environment variable "${varName}" is used in the codebase but is not listed in .env.example. This can lead to deployment issues or confusion for other developers.`
-                : `The environment variable "${varName}" is used but no .env.example file exists. Consider creating one to document required configuration.`,
-            evidence,
-            remediation: {
-                recommendedFix: hasEnvExample
-                    ? `Add "${varName}=" to .env.example with an appropriate default or placeholder value.`
-                    : `Create a .env.example file and add "${varName}=" with documentation.`,
-            },
-            fingerprint,
-        });
-    }
-    return findings;
-}

package/dist/scanners/hallucinations/index.d.ts

@@ -1,4 +0,0 @@
-import type { ScannerPack } from "../types.js";
-export declare const hallucinationsPack: ScannerPack;
-export { scanUnusedSecurityImports, scanNextAuthNotEnforced, findSecurityImports, checkIdentifierUsage, } from "./unused-security-imports.js";
-//# sourceMappingURL=index.d.ts.map

package/dist/scanners/hallucinations/index.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/scanners/hallucinations/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAQ/C,eAAO,MAAM,kBAAkB,EAAE,WAIhC,CAAC;AAGF,OAAO,EACL,yBAAyB,EACzB,uBAAuB,EACvB,mBAAmB,EACnB,oBAAoB,GACrB,MAAM,8BAA8B,CAAC"}

package/dist/scanners/hallucinations/index.js

@@ -1,8 +0,0 @@
-import { scanUnusedSecurityImports, scanNextAuthNotEnforced, } from "./unused-security-imports.js";
-export const hallucinationsPack = {
-    id: "hallucinations",
-    name: "Security Hallucinations",
-    scanners: [scanUnusedSecurityImports, scanNextAuthNotEnforced],
-};
-// Re-export for testing
-export { scanUnusedSecurityImports, scanNextAuthNotEnforced, findSecurityImports, checkIdentifierUsage, } from "./unused-security-imports.js";

package/dist/scanners/hallucinations/unused-security-imports.d.ts

@@ -1,36 +0,0 @@
-import type { Finding } from "@vibecheck/schema";
-import type { ScanContext } from "../types.js";
-interface ImportMatch {
-    library: string;
-    importedNames: string[];
-    line: number;
-    snippet: string;
-    isDefaultImport: boolean;
-    isNamespaceImport: boolean;
-}
-/**
- * Find imports of security libraries in a file
- */
-export declare function findSecurityImports(content: string, libraries: string[]): ImportMatch[];
-/**
- * Check if any imported identifiers are used after the import line
- */
-export declare function checkIdentifierUsage(content: string, importLine: number, identifiers: string[], isNamespaceImport: boolean): {
-    identifier: string;
-    used: boolean;
-}[];
-/**
- * VC-HALL-001: Unused Security Imports
- *
- * Detects when security libraries are imported but not used
- */
-export declare function scanUnusedSecurityImports(context: ScanContext): Promise<Finding[]>;
-/**
- * VC-HALL-002: next-auth present but not enforced
- *
- * Detects when next-auth is installed but there's no middleware
- * or server-side auth enforcement in route handlers
- */
-export declare function scanNextAuthNotEnforced(context: ScanContext): Promise<Finding[]>;
-export {};
-//# sourceMappingURL=unused-security-imports.d.ts.map

package/dist/scanners/hallucinations/unused-security-imports.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"unused-security-imports.d.ts","sourceRoot":"","sources":["../../../src/scanners/hallucinations/unused-security-imports.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAoC,MAAM,mBAAmB,CAAC;AAGnF,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAwE/C,UAAU,WAAW;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,eAAe,EAAE,OAAO,CAAC;IACzB,iBAAiB,EAAE,OAAO,CAAC;CAC5B;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,WAAW,EAAE,CA8DvF;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAClC,OAAO,EAAE,MAAM,EACf,UAAU,EAAE,MAAM,EAClB,WAAW,EAAE,MAAM,EAAE,EACrB,iBAAiB,EAAE,OAAO,GACzB;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,OAAO,CAAA;CAAE,EAAE,CAiBzC;AAED;;;;GAIG;AACH,wBAAsB,yBAAyB,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC,CAgFxF;AAED;;;;;GAKG;AACH,wBAAsB,uBAAuB,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC,CAiGtF"}